
Re: Schema: encrypted 8-bit userPassword and SASLprep



I wrote:
>Jim Sermersheim writes:
>
>> Halvard, if you are still talking about userPassword, see Section 2.41 in
>> http://ietf.org/internet-drafts/draft-ietf-ldapbis-user-schema-06.txt:
>> "Passwords are stored using an Octet String syntax and are not
>> encrypted. "
> 
> Oh my.  I didn't notice that.  Or maybe I did, but just didn't believe
> what I saw:-)
> 
> Please, could we remove this requirement?  (...)

I should have calmed down before I wrote that:-)

Another solution, of course, is for the server to store the encrypted
passwords elsewhere.

I'd be interested to know what today's servers do, though.  Is the
quoted sentence above at odds with current practice?  If so, I still
suggest the sentence is removed.

All I know is that OpenLDAP allows encrypted as well as unencrypted
passwords in userPassword.

-- 
Hallvard